Nitrokey gnuk firmware update via DFU

Table of Contents

The Nitrokey (start) can be upgraded to a newer GNUK firmware. However, this can only be done via ST Link or DFU, if you use the Gnuk USB firmware upgrade you will brick the device. This guide shows you how to attach a DFU adapter and how to flash firmware to a Nitrokey, both for upgrading or unbricking an USB upgraded one.

So sadly I have to use Windows software, the ST Demo Loader. Download and install it and connect the DFU-Nitrokey to the Windows machine.

Update

This post on the mailinglist states that you could use the -k flag with stm32flash to remove the read protection as well. It also states to not forget to use the -j to read-protect the Nitrokey again after you're done flashing if you intend to put real keys on there.

I tested this and it works, so you don't need the Windows tool in the end. Scroll down for the Linux/stm32flash way.

End update

Also copy the compiled GNUK binary (gnuk/src/build/gnuk.bin) to the Windows machine.

Flashing via Windows

Start the utility up and select the correct COM port (COM4 for me):

If the protection is set the tool will show a red traffic light and a Remove Protection button. Click and complete that, then click next:

Click Next:

Select Download to device, Erase the necessary pages and choose the gnuk.bin file:

It will erase the flash:

Then upload the firmware:

It will complete with a nice green bar:

Now the binary is flashed and your Nitrokey should work. In my case, it sucessfully worked with gnuk 1.2: